use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class WSS4JInOutTest method testEncryption.
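/**
 * Round-trips an encrypted SOAP message: the out-interceptor encrypts the Body for the
 * "myalias" key from outsecurity.properties, the in-interceptor decrypts it with the key
 * from insecurity.properties (password supplied by {@code TestPwdCallback}), and the WSS4J
 * results must report exactly one protection result that references the soap:Body element.
 *
 * @throws Exception on any failure of the interceptor chain under test
 */
@Test
public void testEncryption() throws Exception {
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPTION);
    outProperties.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties");
    outProperties.put(ConfigurationConstants.USER, "myalias");
    outProperties.put("password", "myAliasPassword");

    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPTION);
    inProperties.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
    inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());

    // The wire message must carry a Security header and an encrypted Body.
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//s:Body/xenc:EncryptedData");

    List<WSHandlerResult> handlerResults = getResults(makeInvocation(outProperties, xpaths, inProperties));
    assertNotNull(handlerResults);
    // assertEquals, not assertSame: size() autoboxes, and Integer identity is only
    // guaranteed for cached small values.
    assertEquals(1, handlerResults.size());

    // Exactly one protection result is expected: the single decryption.
    final List<WSSecurityEngineResult> protectionResults = handlerResults.get(0).getResults();
    assertNotNull(protectionResults);
    assertEquals(1, protectionResults.size());

    // That result must reference the decrypted element, i.e. the soap:Body.
    final Map<String, Object> result = protectionResults.get(0);
    final List<WSDataRef> protectedElements =
        CastUtils.cast((List<?>) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
    assertNotNull(protectedElements);
    assertEquals(1, protectedElements.size());
    assertEquals(new javax.xml.namespace.QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"),
                 protectedElements.get(0).getName());
}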
use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class WSS4JInOutTest method testCustomProcessor.
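/**
 * Verifies that a custom processor map overrides WSS4J's default handling of the
 * Signature element. A message is signed with the out-interceptor and then handed to an
 * in-interceptor configured with {@link WSS4JInInterceptor#PROCESSOR_MAP}; the expectation
 * is that no SIGN action results are produced because the custom processor, not the
 * standard signature processor, sees the Signature element.
 *
 * @throws Exception on any failure of the interceptor chain under test
 */
@Test
public void testCustomProcessor() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");
    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    // Outbound: sign the message with the "myalias" key from outsecurity.properties.
    SoapMessage msg = getSoapMessageForDom(doc);
    msg.put(ConfigurationConstants.ACTION, ConfigurationConstants.SIGNATURE);
    msg.put(ConfigurationConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(ConfigurationConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");
    handler.handleMessage(msg);

    SOAPMessage saajMsg = msg.getContent(SOAPMessage.class);
    doc = saajMsg.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/ds:Signature", doc);

    // Sanity check: the signed document must still be well-formed when re-parsed via StAX.
    byte[] docbytes = getMessageBytes(doc);
    assertNotNull(StaxUtils.read(new ByteArrayInputStream(docbytes)));

    // Inbound: install the custom processor map.
    // NOTE(review): presumably createCustomProcessorMap() maps the Signature element to a
    // processor that emits no SIGN results — confirm against that helper.
    final Map<String, Object> properties = new HashMap<>();
    properties.put(WSS4JInInterceptor.PROCESSOR_MAP, createCustomProcessorMap());
    WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties);

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);
    // No standard WSS4J action is configured on the inbound side; only the processor
    // map decides how the Signature element is handled.
    inHandler.setProperty(ConfigurationConstants.ACTION, WSHandlerConstants.NO_SECURITY);
    inHandler.handleMessage(inmsg);

    // Separate assertions so a failure names the condition that did not hold.
    List<WSHandlerResult> results = getResults(inmsg);
    assertNotNull(results);
    assertEquals(1, results.size());
    List<WSSecurityEngineResult> signatureResults =
        results.get(0).getActionResults().get(WSConstants.SIGN);
    // Either no SIGN entry at all or an empty one is acceptable.
    assertTrue(signatureResults == null || signatureResults.isEmpty());
}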
use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class WSS4JInOutTest method testEncryptedUsernameToken.
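/**
 * Sends a UsernameToken whose content is encrypted and verifies that, after decryption and
 * token processing on the inbound side, the message's {@link SecurityContext} exposes the
 * UsernameToken principal.
 *
 * @throws Exception on any failure of the interceptor chain under test
 */
@Test
public void testEncryptedUsernameToken() throws Exception {
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION,
                      ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPTION);
    outProperties.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties");
    outProperties.put(ConfigurationConstants.USER, "alice");
    outProperties.put("password", "alicePassword");
    outProperties.put(ConfigurationConstants.ENCRYPTION_USER, "myalias");
    // Encrypt the UsernameToken's content so the credential does not travel in the clear.
    outProperties.put(ConfigurationConstants.ENCRYPTION_PARTS,
                      "{Content}{" + WSS4JConstants.WSSE_NS + "}UsernameToken");

    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION,
                     ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPTION);
    inProperties.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
    inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());

    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");

    SoapMessage inmsg = makeInvocation(outProperties, xpaths, inProperties);
    List<WSHandlerResult> handlerResults = getResults(inmsg);
    assertNotNull(handlerResults);
    // assertEquals, not assertSame: size() autoboxes, and Integer identity is only
    // guaranteed for cached small values.
    assertEquals(1, handlerResults.size());

    // Two protection results are expected: the decryption and the UsernameToken.
    final List<WSSecurityEngineResult> protectionResults = handlerResults.get(0).getResults();
    assertNotNull(protectionResults);
    assertEquals(2, protectionResults.size());

    // Result order is not asserted; take whichever result carries the UsernameToken principal.
    final Principal p1 = (Principal) protectionResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
    final Principal p2 = (Principal) protectionResults.get(1).get(WSSecurityEngineResult.TAG_PRINCIPAL);
    assertTrue(p1 instanceof UsernameTokenPrincipal || p2 instanceof UsernameTokenPrincipal);
    Principal utPrincipal = p1 instanceof UsernameTokenPrincipal ? p1 : p2;

    // The SecurityContext must expose that very principal object (identity, not equality).
    SecurityContext securityContext = inmsg.get(SecurityContext.class);
    assertNotNull(securityContext);
    assertSame(utPrincipal, securityContext.getUserPrincipal());
}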
use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class SamlTokenTest method testSaml2TokenWithRoles.
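/**
 * Creates a SAML 2.0 Assertion and sends it in the security header to the provider.
 * A single attribute is created for the roles, but with multiple attribute value elements,
 * and the resulting {@link SecurityContext} must report both roles.
 *
 * @throws Exception on any failure of the interceptor chain under test
 */
@Test
public void testSaml2TokenWithRoles() throws Exception {
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    outProperties.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    outProperties.put(ConfigurationConstants.USER, "alice");
    outProperties.put("password", "password");
    outProperties.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");

    // The assertion itself is signed (signAssertion) even though the action is
    // SAML_TOKEN_UNSIGNED, i.e. there is no separate message signature.
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setSignAssertion(true);
    callbackHandler.setStatement(Statement.ATTR);
    // Bearer confirmation, matching validator.setRequireBearer(true) below. Only one
    // confirmation method is set; an earlier holder-of-key call would just be overwritten.
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");

    // Replace the default validator for both SAML 1.1 and 2.0 tokens with one that
    // insists on a SAML 2 bearer assertion.
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    validator.setRequireSAML1Assertion(false);
    validator.setRequireSenderVouches(false);
    validator.setRequireBearer(true);
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);

    List<String> xpaths = Arrays.asList("//wsse:Security", "//wsse:Security/saml2:Assertion");

    // Test-only relaxation: subject-confirmation validation is switched off so the bearer
    // assertion is accepted without a confirmation check.
    Map<String, String> inMessageProperties = new HashMap<>();
    inMessageProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false");

    Message message = makeInvocation(outProperties, xpaths, inProperties, inMessageProperties);
    final List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    // Fail with an assertion rather than a NullPointerException if nothing was recorded.
    assertNotNull(handlerResults);
    assertFalse(handlerResults.isEmpty());

    // Both role attribute values must be visible through the SecurityContext.
    SecurityContext sc = message.get(SecurityContext.class);
    assertNotNull(sc);
    assertTrue(sc.isUserInRole("user"));
    assertTrue(sc.isUserInRole("admin"));

    // The received assertion is recorded under ST_SIGNED and must be a signed SAML 2 assertion.
    List<WSSecurityEngineResult> signedResults =
        handlerResults.get(0).getActionResults().get(WSConstants.ST_SIGNED);
    assertNotNull(signedResults);
    assertFalse(signedResults.isEmpty());
    SamlAssertionWrapper receivedAssertion =
        (SamlAssertionWrapper) signedResults.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(receivedAssertion);
    assertNotNull(receivedAssertion.getSaml2());
    assertTrue(receivedAssertion.isSigned());
}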
use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class SamlTokenTest method testSaml1Token.
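/**
 * Sends an unsigned SAML 1.1 assertion to the provider and returns the resulting
 * {@link SecurityContext} so callers can check whether a principal was established.
 *
 * @param allowUnsignedPrincipal when {@code true}, sets
 *        {@code SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL} to "true" on the
 *        inbound message; when {@code false}, the property is left unset so the default applies
 * @return the SecurityContext from the inbound message, which may be {@code null}
 * @throws Exception on any failure of the interceptor chain under test
 */
private SecurityContext testSaml1Token(boolean allowUnsignedPrincipal) throws Exception {
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());

    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);

    // Route both SAML 1.1 and 2.0 tokens through the custom validator.
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);

    List<String> xpaths = Arrays.asList("//wsse:Security", "//wsse:Security/saml1:Assertion");

    Map<String, String> inMessageProperties = new HashMap<>();
    if (allowUnsignedPrincipal) {
        // NOTE(review): the flag name suggests that treating an unsigned assertion's subject
        // as the caller principal is opt-in — confirm the default in SecurityConstants.
        inMessageProperties.put(SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, "true");
    }
    // Test-only relaxation: subject-confirmation validation is switched off.
    inMessageProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false");

    Message message = makeInvocation(outProperties, xpaths, inProperties, inMessageProperties);
    final List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    // Fail with an assertion rather than a NullPointerException if nothing was recorded.
    assertNotNull(handlerResults);
    assertFalse(handlerResults.isEmpty());

    // The received assertion is recorded under ST_UNSIGNED and must be an unsigned SAML 1 assertion.
    List<WSSecurityEngineResult> unsignedResults =
        handlerResults.get(0).getActionResults().get(WSConstants.ST_UNSIGNED);
    assertNotNull(unsignedResults);
    assertFalse(unsignedResults.isEmpty());
    SamlAssertionWrapper receivedAssertion =
        (SamlAssertionWrapper) unsignedResults.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(receivedAssertion);
    assertNotNull(receivedAssertion.getSaml1());
    assertFalse(receivedAssertion.isSigned());

    return message.get(SecurityContext.class);
}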